--- loncom/homework/grades.pm 2003/06/20 20:13:18 1.103 +++ loncom/homework/grades.pm 2003/06/24 15:45:17 1.108 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # The LON-CAPA Grading handler # -# $Id: grades.pm,v 1.103 2003/06/20 20:13:18 albertel Exp $ +# $Id: grades.pm,v 1.108 2003/06/24 15:45:17 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -131,7 +131,6 @@ sub getclasslist { # filter students according to status selected if ($filterlist && $ENV{'form.status'} ne 'Any') { if ($ENV{'form.status'} ne $status) { -Apache->request->print("

removed

"); delete ($classlist->{$_}); next; } @@ -455,7 +454,7 @@ LISTJAVASCRIPT next if ($statusflg eq '' && $submitonly eq 'yes'); $ctr++; - if ( $Apache::grades::viewgrades eq 'F' ) { + if ( $perm{'vgr'} eq 'F' ) { $gradeTable.=''. ''."\n". @@ -1059,11 +1058,18 @@ sub submission { (my $url=$ENV{'form.url'})=~s-^http://($ENV{'SERVER_NAME'}|$ENV{'HTTP_HOST'})--; my ($uname,$udom) = ($ENV{'form.student'},$ENV{'form.userdom'}); - + my $usec = &Apache::lonnet::getsection($udom,$uname,$ENV{'request.course.id'}); $ENV{'form.fullname'} = &get_fullname ($uname,$udom) if $ENV{'form.fullname'} eq ''; my $symb=($ENV{'form.symb'} ne '' ? $ENV{'form.symb'} : (&Apache::lonnet::symbread($url))); if ($symb eq '') { $request->print("Unable to handle ambiguous references:$url:."); return ''; } + + if (!&canview($usec)) { + $request->print('Unable to view requested student.('.$uname.$udom.$usec.$ENV{'request.course.id'}.')'); + $request->print(&show_grading_menu_form($symb,$url)); + return; + } + my $last = ($ENV{'form.lastSub'} eq 'last' ? 'last' : ''); # header info @@ -1258,7 +1264,7 @@ KEYWORDS } else { for my $part (sort keys(%$handgrade)) { foreach (@$string) { - my ($partid,$respid) = /^resource\.(\d+)\.(\d+)\.submission/; + my ($partid,$respid) = /^resource\.(\w+)\.(\w+)\.submission/; if ($part eq ($partid.'_'.$respid)) { my ($ressub,$subval) = split(/:/,$_,2); # Similarity check @@ -1297,7 +1303,7 @@ KEYWORDS } # return if view submission with no grading option - if ($ENV{'form.showgrading'} eq '') { + if ($ENV{'form.showgrading'} eq '' || (!&canmodify($usec))) { $request->print(''."\n"); $request->print(&show_grading_menu_form($symb,$url)) if (($ENV{'form.command'} eq 'submission') || 
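Review bot: The new denial message in `submission` writes `$uname` and `$udom` into the page unescaped, and both are read from `form.student` and `form.userdom` a few lines above, so request-supplied markup is reflected into the grader's browser. The message also discloses the section and the internal course id, which a denial does not need; `$request->print('Unable to view requested student.');` would be enough. The same unescaped interpolation appears in the "Not allowed to modify grades for ..." messages added to `processHandGrade` (in the collaborator loop `$_` comes from `form.collaborator`) and in the student lists printed at the end of `csvuploadassign`. Those identifiers should be HTML-escaped before printing, for example with `HTML::Entities::encode_entities` if that module is available to this file. `submission` starts and ends outside the hunk.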
@@ -1441,6 +1447,11 @@ sub processHandGrade { $ctr++; next; } + if ($errorflag eq 'not_allowed') { + $request->print("Not allowed to modify grades for $uname:$udom"); + $ctr++; + next; + } my $includemsg = $ENV{'form.includemsg'.$ctr}; my ($subject,$message,$msgstatus) = ('','',''); if ($includemsg =~ /savemsg|newmsg\Q$ctr\E/) { @@ -1460,12 +1471,16 @@ sub processHandGrade { if ($ENV{'form.collaborator'.$ctr}) { my (@collaborators) = split(/:/,$ENV{'form.collaborator'.$ctr}); foreach (@collaborators) { - &saveHandGrade($request,$url,$symb,$_,$udom,$ctr, - $ENV{'form.unamedom'.$ctr}); - if ($message ne '') { - $msgstatus = &Apache::lonmsg::user_normal_msg ($_,$udom, - $ENV{'form.msgsub'}, - $message); + my ($errorflag,$pts,$wgt) = &saveHandGrade($request,$url,$symb,$_,$udom,$ctr,$ENV{'form.unamedom'.$ctr}); + if ($errorflag eq 'not_allowed') { + $request->print("Not allowed to modify grades for $_:$udom"); + next; + } else { + if ($message ne '') { + $msgstatus = &Apache::lonmsg::user_normal_msg ($_,$udom, + $ENV{'form.msgsub'}, + $message); + } } } } @@ -1598,6 +1613,9 @@ sub processHandGrade { #---- Save the score and award for each student, if changed sub saveHandGrade { my ($request,$url,$symb,$stuname,$domain,$newflg,$submitter) = @_; + my $usec = &Apache::lonnet::getsection($domain,$stuname, + $ENV{'request.course.id'}); + if (!&canmodify($usec)) { return('not_allowed'); } my %record = &Apache::lonnet::restore($symb,$ENV{'request.course.id'},$domain,$stuname); my %newrecord = (); my ($pts,$wgt) = ('',''); 
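Review bot: In the collaborator loop the new `my ($errorflag,$pts,$wgt)` appears to shadow the `$errorflag` that `processHandGrade` tests a few lines earlier, and `$pts` and `$wgt` are never read inside the loop. Capturing only the status, `my ($collab_status) = &saveHandGrade($request,$url,$symb,$_,$udom,$ctr,$ENV{'form.unamedom'.$ctr});`, avoids the shadowing. The `else` after `next` can also be dropped so the message block keeps its earlier indentation. The loop sits inside `processHandGrade`, which starts and ends outside the hunk.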
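Review bot: `saveHandGrade` now relies on `canmodify` to judge whatever `getsection` returns, but neither function is in this hunk, so the outcome for a user who is not enrolled in the course cannot be seen here. If `getsection` yields an empty or sentinel value in that case, `canmodify` has to deny whenever the grader's privilege is limited to a section; otherwise the `restore` and the store that follow would run for a student outside that section. The same question applies to `editgrades` and `csvuploadassign`, which read the section from `$classlist->{...}[5]` and may get `undef` for a key that is not in the class list. A comment on the new lines such as `# canmodify must fail closed: unknown user or undefined section => 'not_allowed'` would record the contract.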
@@ -2062,10 +2080,15 @@ sub editgrades { my ($uname,$udom)=split(/_/,$user); my %newrecord; my $updateflag = 0; - $line .= ''.$uname.' '. $udom.' '. $$fullname{$usercolon}.' '; + my $usec=$classlist->{"$uname:$udom"}[5]; + if (!&canmodify($usec)) { + my $numcols=scalar(@partid)*(scalar(@parts)-1)*2; + $noupdate.=$line."Not allowed to modify student"; + next; + } foreach (@partid) { my $old_aw = $ENV{'form.GD_'.$user.'_'.$_.'_awarded_s'}; my $old_part_pcr = $old_aw/($weight{$_} ne '0' ? $weight{$_}:1); @@ -2123,7 +2146,8 @@ sub editgrades { } } if ($noupdate) { - $result .= 'No Changes Occured For the Students Below'.$noupdate; + my $numcols=(scalar(@partid)*(scalar(@parts)-1)*2)+3; + $result .= 'No Changes Occured For the Students Below'.$noupdate; } $result .= ''."\n". &show_grading_menu_form ($symb,$url); @@ -2326,7 +2350,7 @@ CSVFORMJS $result.=''."\n"; my $upfile_select=&Apache::loncommon::upfile_select_html(); $result.=< +
@@ -2405,6 +2429,7 @@ sub csvuploadassign { $request->print('

Assigning Grades

'); my $courseid=$ENV{'request.course.id'}; my ($classlist) = &getclasslist('all',0); + my @notallowed; my @skipped; my $countdone=0; foreach my $grade (@gradedata) { @@ -2415,6 +2440,11 @@ sub csvuploadassign { push(@skipped,"$username:$domain"); next; } + my $usec=$classlist->{"$username:$domain"}[5]; + if (!&canmodify($usec)) { + push(@notallowed,"$username:$domain"); + next; + } my %grades; foreach my $dest (keys(%fields)) { if ($dest eq 'username' || $dest eq 'domain') { next; } @@ -2433,9 +2463,14 @@ sub csvuploadassign { } $request->print("
Stored $countdone students\n"); if (@skipped) { - $request->print('
Skipped Students
'); - foreach my $student (@skipped) { $request->print("
$student"); } + $request->print('Skipped Students

'); + foreach my $student (@skipped) { $request->print("$student
\n"); } } + if (@notallowed) { + $request->print('

Students Not Allowed to Modify

'); + foreach my $student (@notallowed) { $request->print("$student
\n"); } + } + $request->print("
\n"); $request->print(&show_grading_menu_form($symb,$url)); return ''; } 
@@ -3477,38 +3512,34 @@ sub handler { delete($perm{'mgr'}); } } -# $Apache::lonxml::debug=1; -# &Apache::lonxml::debug("command is $command"); - if ($command eq 'submission') { + if ($command eq 'submission' && $perm{'vgr'}) { ($ENV{'form.student'} eq '' ? &listStudents($request) : &submission($request,0,0)); } elsif ($command eq 'pickStudentPage' && $perm{'vgr'}) { &pickStudentPage($request); } elsif ($command eq 'displayPage' && $perm{'vgr'}) { &displayPage($request); - } elsif ($command eq 'gradeByPage') { + } elsif ($command eq 'gradeByPage' && $perm{'mgr'}) { &updateGradeByPage($request); - } elsif ($command eq 'processGroup') { + } elsif ($command eq 'processGroup' && $perm{'vgr'}) { &processGroup($request); - } elsif ($command eq 'gradingmenu') { + } elsif ($command eq 'gradingmenu' && $perm{'vgr'}) { $request->print(&gradingmenu($request)); - } elsif ($command eq 'viewgrades') { + } elsif ($command eq 'viewgrades' && $perm{'vgr'}) { $request->print(&viewgrades($request)); - } elsif ($command eq 'handgrade') { + } elsif ($command eq 'handgrade' && $perm{'mgr'}) { $request->print(&processHandGrade($request)); - } elsif ($command eq 'editgrades') { + } elsif ($command eq 'editgrades' && $perm{'mgr'}) { $request->print(&editgrades($request)); - } elsif ($command eq 'verify') { + } elsif ($command eq 'verify' && $perm{'vgr'}) { $request->print(&verifyreceipt($request)); - } elsif ($command eq 'csvform') { + } elsif ($command eq 'csvform' && $perm{'mgr'}) { $request->print(&upcsvScores_form($request)); - } elsif ($command eq 'csvupload') { + } elsif ($command eq 'csvupload' && $perm{'mgr'}) { $request->print(&csvupload($request)); - } elsif ($command eq 'viewclasslist') { - $request->print(&viewclasslist($request)); - } elsif ($command eq 'csvuploadmap') { + } elsif ($command eq 'csvuploadmap' && $perm{'mgr'} ) { $request->print(&csvuploadmap($request)); - } elsif ($command eq 'csvuploadassign') { + } elsif ($command eq 'csvuploadassign' && $perm{'mgr'}) { if 
($ENV{'form.associate'} ne 'Reverse Association') { $request->print(&csvuploadassign($request)); } else { @@ -3519,12 +3550,12 @@ sub handler { } $request->print(&csvuploadmap($request)); } - } elsif ($command eq 'scantron_selectphase') { + } elsif ($command eq 'scantron_selectphase' && $perm{'mgr'}) { $request->print(&scantron_selectphase($request)); - } elsif ($command eq 'scantron_process') { + } elsif ($command eq 'scantron_process' && $perm{'mgr'}) { $request->print(&scantron_process_students($request)); - } else { - $request->print("Unknown action: $command:"); + } elsif ($command) { + $request->print("Access Denied"); } } &send_footer($request);
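Review bot: `gradeByPage` and `scantron_process` are gated only on `$perm{'mgr'}` in the new dispatch chain, which is a course-level test. This commit adds the per-student `canmodify` check to `saveHandGrade`, `editgrades` and `csvuploadassign`, but nothing visible here does the same for `updateGradeByPage` or `scantron_process_students`. If `mgr` can be restricted to a section, those two write paths need the same section test; they are outside this diff, so it may already be there. A comment above the chain such as `# Command-level gate only; each handler must still call canview/canmodify per student.` would make the split of responsibility explicit. `%perm` is filled in outside the hunk, so it is also worth confirming that it is reset at the start of every request so values cannot carry over between requests in a persistent interpreter.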
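Review bot: The final branch now answers "Access Denied" both for an unknown command and for a known command the user lacks the privilege for, and nothing in the hunk records the refusal server-side. No longer echoing `$command` into the page is the right call; a comment such as `# Unknown command or missing privilege; the command name is deliberately not echoed back.` would keep a later edit from restoring it. A server-side log entry naming the user and the refused command would give operators a trail for repeated denials. With `elsif ($command)` an empty command prints nothing between header and footer, which is worth confirming as intended.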